Date post: | 11-Jan-2016 |
Category: |
Documents |
Upload: | sandra-griffith |
View: | 221 times |
Download: | 4 times |
PC Support & RepairChapter 10Fundamental Security
Objectives•After completing this chapter, you will meet these
objectives:▫Explain why security is important. ▫Describe security threats. ▫Identify security procedures. ▫Identify common preventive maintenance techniques
for security. ▫Troubleshoot security.
Why is Security Important?
Describe Security Threats•Define viruses, worms, and Trojans. •Explain web security. •Define adware, spyware, and grayware. •Explain Denial of Service (DoS). •Describe spam and popup windows. •Explain social engineering. •Explain TCP/IP attacks. •Explain hardware deconstruction and recycling.
Virus•Malicious intent•Attached to software,
documents, or code▫Some can lay dormant
•Executes when program runs/opens▫Can corrupt or delete files▫Some capture keystrokes
•Spreads by email, file transfer, IM
Worm•Self-replicating program•Duplicates across network w/out you knowing▫Doesn’t need to attach to program
•Ties up bandwidth of network▫Can’t perform normal network functions
Trojan Horse•Hidden in software▫“Appears” to be
something good•Can reproduce & spread▫Loss of data▫Infect other computers
Anti-Virus Software• Can detect, disable, and remove viruses, worms, and
Trojans • YOU must be sure to apply updates (virus signature files”
a programing code), patches, etc.
•Have a security policy at company•Maintenance schedule•Make employees aware of opening email attachments
•Name some AV software
Adware•Displays ads on computer▫Usually in pop ups▫Pops up faster than you can close
•Comes in software you download
Malware•Grayware▫Not a virus but harmful or annoying
Phishing attacks May change desktop background, home page
▫Can be removed using spyware and adware removal tools
▫Detection looks at patterns in the programming code of the software on a computer
Spyware•Type of grayware▫Similar to adware▫Make your computer▫Display incorrect
homepage•Distributes w/out you
knowing•Monitors computer
activity▫Sends info to creator
Phishing•Social engineering•Pretends to be legit▫Bank
•Email contact▫Ask to verify password or account to prevent
something bad from happening▫Through link to real-looking web page
Activity
Review•What places ads on the desktop without you doing
anything?▫Adware
•Name two types of malware.▫Grayware & spyware
•What program is self-replicating?▫Worm
•How do you make sure your AV software can protect you from the latest viruses?▫Download the latest virus updates
Review•Which attack comes by email and directs you to a
web page to enter personal info?▫Phishing
•Which software is installed on your computer w/out your knowing when you download a program and it displays product “windows” on the screen?▫Adware
•What ties up the networks bandwidth?▫Worm
Denial of Service (DoS)• Prevents users from accessing services on network▫System is busy responding to the large amounts of
requests; Resources get overloaded & shut down• Disconnect the host from network• PING OF DEATH▫Many, large pings
• EMAIL BOMB▫ Large amounts of bulk email overloads server
• DDoS▫Uses infected “zombie” computers to launch attacks▫Zombies are all over the place; can’t trace attack
DoS
Spam•Unsolicited junk mail•Can include links to infected site▫Or pop-ups
•Email/AV software can detect it▫No subject line ▫Incomplete return address ▫Computer generated e-mail ▫Return e-mail not sent by the user
Social Engineering•Person who can gain access to equipment or network
by tricking people▫Get their username/password
•Ensuring that each uses of an access card to only one user at a time
•Guide visitor within the premises escorting them as they leave
Other Attacks through TCP/IP•Spoofing▫Gains access to resources on devices by pretending to
be a trusted computer
•Man-in-the-middle▫Intercepts or inserts false information in traffic
between two hosts▫Replay- TCIP attack were attackers uses sniffer to
extract user names and passwords of critical account information
Hardware Destruction• Data wiping ▫Used to remove sensitive data
Formatting is not enough▫Overwrites data multiple times
•Hard drive destruction ▫Shatter platters with hammer▫Shred CD’s & floppies
•Hard drive recycling (no sensitive data)▫Format & reuse or donate
Review• A visitor at your work looks over your shoulder & sees
your password. They then go home & use it to access the network. What is this called?▫Social engineering
•Which attack uses zombies all over to overwhelm/flood servers?▫DDoS
• The IRS is replacing their computers. What should you do to the old hard drives to protect any sensitive data before you recycle the PC’s?▫Destroy with a hammer
Review•Which attack tricks you into entering your personal
info through email and a spoofed web site?▫Phishing
•What is the proper way to remove personal data from a hard drive that does not contain sensitive info?▫Data wiping
•What attack gets the info before it gets to its destination?▫Man-in-the-middle
Identify Security Procedures•Explain what is required in a basic local security
policy. •Explain the tasks required to protect physical
equipment. •Describe ways to protect data. •Describe wireless security techniques.
Protecting Equipment• Physical▫Cable locks▫ Locked rooms▫Security cages▫Alarms▫Web cams
• Access▫Card keys▫Biometrics –uses physical characteristics▫Disable the auto run feature on the operating system▫Security guards
Protecting Equipment•Trusted Platform Module (TPM)•Physical security technology▫Chip installed on motherboard▫Can authenticate hardware & software▫Store info about host
Digital certificates Passwords Encryption keys
▫Makes it harder for hackers to gain access Because it’s hardware based
Developing organizational security policies
•What assets need protection•What needs to be done in case of security breach•What are the possible threats to the item
Protect Data•BIOS password▫Prevents BIOS changes & OS access
• Login password
Security Policy• A security policy should describe how a company addresses security issues.
• Everyone in the organization should give high priority to computer and network security
• Everyone can be affected by computer and network security problems
Passwords•Should expire after a specific period of time•Should contain a mix of letters and numbers• Lockout rules apply after unsuccessful attempts•Rules should state:▫Username naming convention (jsmith)▫When passwords expire & when they will lockout
•Standards should prevent users from writing down passwords and exposing them to public view
Protect Data•Data encryption▫Used in a VPN
•Firewall▫Allows/denies traffic to & from
network•Smart Card▫Card with chip
•Biometrics▫Fingerprint, eye, facial, etc.
Data Backups•Full weekly or monthly▫Then frequent partial
•Should be stored off-site
•Protect backup with password
Wireless Security•SSID▫Name of wireless network▫Can disable the broadcast
•MAC address filter▫Only your MAC addresses allowed
•Encrypt & authenticate data▫WEP (weak)▫WPA (better)
WPA2 (best)▫LEAP (Cisco’s for Win & Linux)
Wireless Security•Poor wireless device security•This condition allow unauthorized access to a
network who are not physically connected•Uses WPA2 to secure traffic
Wireless Security Techniques
Review•A fingerprint reader is what kind of security?▫Biometrics
•Which wireless security should you use when you have all Cisco equipment?▫LEAP
•Where should backups be stored?▫Off-site
•How should a telecommuter send secure data to the company while traveling?▫Through a VPN
Review•To secure your wireless network you should disable
this & enable this…▫Disable the SSID broadcast▫Enable WPA encryption
•T or F. Passwords should be text only.•T or F. You should set a password lockout rule.•What hardware/software security method on the
motherboard supports storing encryption keys, digital certificates, and passwords?▫TPM
Review•What was the 1st wireless encryption, which is also
the weakest?▫WEP
•This Cisco encryption is just as strong as WPA2.▫LEAP
•What security method has a chip on a card?▫Smart Card
•What wireless security method will ensure ONLY your computers are accessing the network?▫MAC address filtering
Lab•Packet Tracer Lab 9.3.4▫Build & secure a wireless network
Preventive Maintenance for Security
•Explain how to update signature files for anti-virus and anti-spyware software.
•Explain how to install operating system service packs and security patches.
Java & Active X•Can be used to install unwanted program on your
computer
Step 1 Identify the problem (open ended questions)
Step 2 Establish a theory of probable causes
Step 3 Determine an exact cause
Step 4 Implement a solution( establish a plan of action for resolution)
Step 5 Verify solution and full system functionality
Step 6 Document findings
Troubleshooting Process
Installing Patches & Service Packs•Usually to fix security holes▫Windows XP had a lot of them!
1.Create a restore point2.Check for updates3.Download4.Install5.Make sure it works
Common Communication Encryption Types•Hash Encoding uses a mathematical function to
create a numeric value that is unique to the data. •Symmetric Encryption requires both sides of an
encrypted conversation to use an encryption key to encode and decode the data.
•Asymmetric Encryption requires two keys, a private key and a public key.
Presentation_ID 45© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Port Forwarding and Port Triggering
Port forwarding is a rule-based method of directing traffic between devices on separate networks:
•Used when specific ports must be opened so that certain programs and applications can communicate with devices on different networks.
•Router determines if the traffic should be forwarded to a certain device based on the port number found with the traffic. For example HTTP – Port 80.
Port triggering allows the router to temporarily forward data through inbound ports to a specific device.
•For example, a video game might use ports 27000 to 27100 for connecting with other players. These are the trigger ports.
Presentation_ID 46© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Configuring Firewall Types
A Firewall selectively denies traffic to a computer or network segment. Based on Ports and Protocols
Restrictive security policy - A firewall that opens only the required ports. Any packet not explicitly permitted is denied.
Configuring the Windows 7 or Windows Vista firewall can be completed in two ways:
•Automatically - The user is prompted to Keep Blocking, Unblock, or Ask Me Later for unsolicited requests.
•Manage Security Settings – the user adds the program or ports that are required for the applications in use on the network.
Presentation_ID 47© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
A security policy should address these key areas: Process for handling network security incidents
Process to audit existing network security
General security framework for implementing network security
Behaviors that are allowed
Behaviors that are prohibited
What to log and how to store the logs: Event Viewer, system log files, or security log files
Network access to resources through account permissions
( ensure the security policy is enforced )Authentication technologies to access data: usernames, passwords, biometrics, and smart cards
Security Policy Requirements
Presentation_ID 48© 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential
Signature(Programing code patterns of viruses) File Updates
Uses Fixmbr command when a virus has damage master boot record
Set virus protection to scan removable media when data is acessed.
Troubleshooting
Review- 11 Questions
PC Support & RepairChapter 9Fundamental Security